Description
Type of issue
Missing information
Feedback
First of all, very happy to finally have these logs available in log analytics - thank you!
- I am able to get data into my RetinaNetworkFlowLogs log analytics table as long as I follow this part of the guide strictly
However, enabling the AKS monitoring addon creates a DCR with a lot of costly logs which I am not interested in ingesting (yes I know it can be configured via configmap, but it is a hassle). After editing the DCR I am not seeing any new entries in the RetinaNetworkFlowLogs table no matter what I configure. Is it possible to configure the DCR at all, so that only RetinaNetworkFlowLogs are ingested to log analytics?
-
It is also unclear if the
--enable-high-log-scale-modeflag is actually required or reccomended for enablement. Personally I am just interested in RetinaNetworkFlowLogs for records which are Dropped. -
Is it possible to exclude traffic to/from specific IP CIDRs from being logged? E.g. I am seeing some dropped IPv6 traffic dropped due to dual stack not being enabled on my cluster.
UNSUPPORTED_L3_PROTOCOL. There may also be traffic to specific IPv4 addresses which I do not care about logging
Page URL
https://learn.microsoft.com/en-us/azure/aks/how-to-configure-container-network-logs?tabs=cilium
Content source URL
Author
Document Id
b7810c57-10eb-1e22-258f-050df903a3a4
Platform Id
5aa15265-0850-2034-6e64-f7539c7c96fb